// Ripped from https://github.com/Ch0pin/medusa/ and modified to fit Androguard packets

// Announce that this helper has been loaded into the instrumented process.
colorLog('[+] LOADING HELPER/ANTIDEBUG/BINARIES.JS', {c: Color.Red});

// File names whose presence on disk is commonly probed by root-detection code.
// Matching is an exact, case-sensitive comparison against the last path
// component (see the File.exists and fopen hooks that consult this list).
// Kept as `var` so the binding stays a script-level global, as in the original.
var RootBinaries = [
    "su",
    "busybox",
    "supersu",
    "Superuser.apk",
    "KingoUser.apk",
    "KingoRoot.apk",
    "SuperSu.apk",
    "magisk",
    "otacerts.zip",
    "Kingroot.apk"
];

// Frida wrapper for java.io.File; every Java-side hook in this script hangs off it.
var NativeFile = Java.use('java.io.File');

/**
 * Replacement for java.io.File.exists().
 *
 * Every call is reported through agPacket with the file's name (the last
 * path component, as returned by File.getName()). When that name is listed in
 * RootBinaries the hook reports the override through agSysPacket and answers
 * `false` without consulting the filesystem; otherwise the original exists()
 * result is returned unchanged.
 *
 * @returns {boolean} false for names in RootBinaries, else the real result.
 */
NativeFile.exists.implementation = function () {
    var fileName = NativeFile.getName.call(this);
    agPacket({name: fileName}).send();

    var isListed = RootBinaries.indexOf(fileName) !== -1;
    if (!isListed) {
        // Not a watched name: defer to the real implementation.
        return this.exists.call(this);
    }

    // Record each altered answer so the trace shows which probes the app made.
    agSysPacket({information: "bypass", cmd: fileName}).send();
    return false;
};

/**
 * Observes the java.io.File(String pathname) constructor.
 *
 * Reports the requested path through agPacket, then runs the original
 * constructor with the untouched argument. The hook is observation-only.
 */
NativeFile.$init.overload("java.lang.String").implementation = function (pathname) {
    agPacket({path: pathname}).send();

    var originalCtor = NativeFile.$init.overload("java.lang.String");
    return originalCtor.call(this, pathname);
};

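/**
 * Observes the java.io.File(File parent, String child) constructor.
 *
 * Reports the parent (as a string) and the child path through agPacket, then
 * runs the original constructor with the untouched arguments.
 *
 * java.io.File accepts a null parent for this overload, so the parent is only
 * stringified when present. Calling toString() on a null parent would throw
 * inside the hook and change the behaviour of the instrumented app instead of
 * merely observing it.
 */
NativeFile.$init.overload("java.io.File", "java.lang.String").implementation = function (fileObject, path) {
    var parentText = fileObject === null ? null : fileObject.toString();
    agPacket({fileObject: parentText, path: path}).send();

    return NativeFile.$init.overload("java.io.File", "java.lang.String").call(this, fileObject, path);
};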

/**
 * Observes the java.io.File(String parent, String child) constructor.
 *
 * Reports both path components through agPacket, then runs the original
 * constructor with the untouched arguments. The hook is observation-only.
 */
NativeFile.$init.overload("java.lang.String", "java.lang.String").implementation = function (parentPath, childPath) {
    agPacket({parent: parentPath, path: childPath}).send();

    var originalCtor = NativeFile.$init.overload("java.lang.String", "java.lang.String");
    return originalCtor.call(this, parentPath, childPath);
};

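/**
 * Observes the java.io.File(URI uri) constructor.
 *
 * Reports the URI (as a string) through agPacket, then runs the original
 * constructor with the untouched argument.
 *
 * The URI is only stringified when it is non-null. A null argument is passed
 * straight through so that the original constructor raises its own exception,
 * rather than the hook failing first on `neturi.toString()` and masking it.
 */
NativeFile.$init.overload("java.net.URI").implementation = function (neturi) {
    var uriText = neturi === null ? null : neturi.toString();
    agPacket({neturi: uriText}).send();

    return NativeFile.$init.overload("java.net.URI").call(this, neturi);
};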


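// Native-side counterpart of the File.exists hook: observes libc's fopen().
//
// Every call with a readable path is reported through agPacket. When the last
// path component is listed in RootBinaries, the call is redirected to a path
// that is expected not to exist, and the redirect is reported through
// agSysPacket so the trace shows exactly which probes were altered.
(function () {
    var fopenPtr = Module.findExportByName("libc.so", "fopen");
    if (fopenPtr === null) {
        // Interceptor.attach() throws on a null target, which would abort the
        // rest of the script; report the problem and skip this hook instead.
        colorLog('[-] fopen not found in libc.so, native hook skipped', {c: Color.Red});
        return;
    }

    Interceptor.attach(fopenPtr, {
        onEnter: function (args) {
            var fullPath = Memory.readCString(args[0]);
            if (!fullPath) {
                return;
            }

            var segments = fullPath.split("/");
            var executable = segments[segments.length - 1];

            agPacket({executable: executable, path: fullPath}).send();

            if (RootBinaries.indexOf(executable) === -1) {
                return;
            }

            // Never overwrite the caller's buffer in place: it may be shorter
            // than the replacement (e.g. "su"), which would corrupt adjacent
            // memory, or it may live in read-only data, which would crash the
            // process. Allocate a fresh string and swap the argument pointer.
            // Keeping the allocation on `this` ties its lifetime to the call.
            this.redirectedPath = Memory.allocUtf8String("/notexists");
            args[0] = this.redirectedPath;

            agSysPacket({information: "bypass", cmd: executable}).send();
        }
        // No onLeave: the return value is not inspected, and omitting the
        // callback avoids a needless transition on every fopen() return.
    });
})();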